Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c9/50f935-d675-4089-aae5-fb24be75a3f4/1/xv_rICPuGTvD6ScITP8bU4s29kI.roa
File:                     xv_rICPuGTvD6ScITP8bU4s29kI.roa (raw, json)
Hash identifier:          eF9p3Ueapy3+1vaTSpncjWTz8xDVpoQXfQgMEWvYRQE=
Subject key identifier:   C6:FF:EB:20:23:EE:19:3B:C3:E9:27:08:4C:FF:1B:53:8B:36:F6:42
Certificate issuer:       /CN=8daf61f6608f9a9eac14b18224854807bcdc1324
Certificate serial:       019740F612B957F1BD0152D0A24926CB413E
Authority key identifier: 8D:AF:61:F6:60:8F:9A:9E:AC:14:B1:82:24:85:48:07:BC:DC:13:24
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ja9h9mCPmp6sFLGCJIVIB7zcEyQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c9/50f935-d675-4089-aae5-fb24be75a3f4/1/xv_rICPuGTvD6ScITP8bU4s29kI.roa
Signing time:             Thu 05 Jun 2025 16:39:17 +0000
ROA not before:           Thu 05 Jun 2025 16:39:17 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     213492
IP address blocks:        2a09:9340:1808::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c9/50f935-d675-4089-aae5-fb24be75a3f4/1/ja9h9mCPmp6sFLGCJIVIB7zcEyQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c9/50f935-d675-4089-aae5-fb24be75a3f4/1/ja9h9mCPmp6sFLGCJIVIB7zcEyQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ja9h9mCPmp6sFLGCJIVIB7zcEyQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 08 Jun 2025 20:00:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:40:f6:12:b9:57:f1:bd:01:52:d0:a2:49:26:cb:41:3e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8daf61f6608f9a9eac14b18224854807bcdc1324
        Validity
            Not Before: Jun  5 16:39:17 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=c6ffeb2023ee193bc3e927084cff1b538b36f642
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b8:1a:43:5b:b2:27:30:5c:67:22:20:84:d7:fb:
                    3e:50:d9:ff:27:c7:fd:7b:5d:51:e4:c7:ce:c1:50:
                    f7:11:7e:63:95:42:f5:19:cb:39:a9:9c:32:cb:9a:
                    33:2e:f2:61:f3:b2:43:b1:10:d2:37:b9:e8:bb:48:
                    66:1c:7f:5c:7b:66:be:6b:63:d4:28:d8:d9:d0:3a:
                    96:66:ba:00:f3:a1:d5:fd:39:24:cb:91:03:21:57:
                    8c:c9:66:a0:09:35:d7:8c:ad:93:36:49:3a:32:5e:
                    24:6b:df:b0:22:aa:51:13:bf:4f:07:3d:18:3d:23:
                    8c:3d:6b:00:f4:5f:b1:38:d6:2e:62:eb:bf:84:a9:
                    74:17:22:bf:e9:f4:74:29:0b:0f:68:e5:01:31:3b:
                    5a:75:bf:38:2e:9b:50:02:6a:e6:40:a3:46:73:e8:
                    e8:73:05:01:b1:31:5f:78:14:69:70:09:09:24:71:
                    57:88:7b:42:fc:a3:bc:cd:e4:a2:e5:d2:27:36:f9:
                    3d:d8:2c:9d:d9:be:26:ca:7b:dd:eb:84:fa:7f:fc:
                    87:8d:a5:34:ca:f9:18:6d:92:aa:8a:96:2c:f5:02:
                    c6:f9:ee:67:8a:db:c4:7b:60:7f:3c:c3:f2:73:e9:
                    6f:a0:2c:b7:b8:9d:b6:18:de:6f:77:44:3e:86:79:
                    c8:ab
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C6:FF:EB:20:23:EE:19:3B:C3:E9:27:08:4C:FF:1B:53:8B:36:F6:42
            X509v3 Authority Key Identifier:
                keyid:8D:AF:61:F6:60:8F:9A:9E:AC:14:B1:82:24:85:48:07:BC:DC:13:24

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ja9h9mCPmp6sFLGCJIVIB7zcEyQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c9/50f935-d675-4089-aae5-fb24be75a3f4/1/xv_rICPuGTvD6ScITP8bU4s29kI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c9/50f935-d675-4089-aae5-fb24be75a3f4/1/ja9h9mCPmp6sFLGCJIVIB7zcEyQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a09:9340:1808::/48

    Signature Algorithm: sha256WithRSAEncryption
         86:b3:3e:f5:90:83:82:40:bf:78:e3:10:58:cd:ab:73:d6:2f:
         1a:2c:c6:ad:0c:a3:86:8c:15:32:f6:b1:7d:4e:5c:0d:bf:61:
         2f:8a:87:54:d4:eb:18:b2:91:00:57:c9:21:91:32:0a:b6:c3:
         1c:5f:4b:1d:11:21:05:fa:2c:79:d9:25:d6:0a:95:14:c5:7b:
         d7:78:70:0d:b4:f3:9a:57:81:64:88:7e:66:7d:0c:ea:d0:17:
         08:c7:4d:f0:66:22:b7:2d:ef:0b:dd:a6:9b:67:9c:3c:68:c5:
         e9:26:03:59:91:c0:8a:f3:b9:40:aa:f6:a5:0e:c2:59:bb:6a:
         2d:d8:55:de:18:c5:c6:b4:a6:01:55:95:09:50:24:2a:b8:ad:
         f9:2a:d1:f0:c8:1f:44:ea:2e:c2:01:4f:82:4e:92:49:a3:96:
         85:31:ea:e0:58:98:5c:bc:4b:f7:c6:fd:81:06:c5:a6:4b:2c:
         42:ce:bb:53:d1:4b:80:f9:ea:fc:98:c4:a8:dd:20:92:61:58:
         97:6f:0d:55:10:da:48:40:c5:4b:e9:47:a8:c8:87:d3:94:21:
         5f:a1:b3:97:c8:c2:2d:c4:13:cc:7c:a3:2d:44:6f:ff:81:3e:
         8a:15:02:2c:d4:63:ed:8a:16:ab:c4:18:5b:24:82:b2:b3:f3:
         33:83:3c:da
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZdA9hK5V/G9AVLQokkmy0E+MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDhkYWY2MWY2NjA4ZjlhOWVhYzE0YjE4MjI0ODU0ODA3YmNk
YzEzMjQwHhcNMjUwNjA1MTYzOTE3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjNmZmZWIyMDIzZWUxOTNiYzNlOTI3MDg0Y2ZmMWI1MzhiMzZmNjQyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuBpDW7InMFxnIiCE1/s+UNn/J8f9
e11R5MfOwVD3EX5jlUL1Gcs5qZwyy5ozLvJh87JDsRDSN7nou0hmHH9ce2a+a2PU
KNjZ0DqWZroA86HV/Tkky5EDIVeMyWagCTXXjK2TNkk6Ml4ka9+wIqpRE79PBz0Y
PSOMPWsA9F+xONYuYuu/hKl0FyK/6fR0KQsPaOUBMTtadb84LptQAmrmQKNGc+jo
cwUBsTFfeBRpcAkJJHFXiHtC/KO8zeSi5dInNvk92Cyd2b4mynvd64T6f/yHjaU0
yvkYbZKqipYs9QLG+e5nitvEe2B/PMPyc+lvoCy3uJ22GN5vd0Q+hnnIqwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFMb/6yAj7hk7w+knCEz/G1OLNvZCMB8GA1UdIwQY
MBaAFI2vYfZgj5qerBSxgiSFSAe83BMkMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvamE5aDltQ1BtcDZzRkxHQ0pJVklCN3pjRXlRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jOS81MGY5MzUtZDY3NS00MDg5LWFhZTUt
ZmIyNGJlNzVhM2Y0LzEveHZfcklDUHVHVHZENlNjSVRQOGJVNHMyOWtJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jOS81MGY5MzUtZDY3NS00MDg5LWFhZTUtZmIyNGJlNzVhM2Y0
LzEvamE5aDltQ1BtcDZzRkxHQ0pJVklCN3pjRXlRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKgmTQBgI
MA0GCSqGSIb3DQEBCwUAA4IBAQCGsz71kIOCQL944xBYzatz1i8aLMatDKOGjBUy
9rF9TlwNv2EviodU1OsYspEAV8khkTIKtsMcX0sdESEF+ix52SXWCpUUxXvXeHAN
tPOaV4FkiH5mfQzq0BcIx03wZiK3Le8L3aabZ5w8aMXpJgNZkcCK87lAqvalDsJZ
u2ot2FXeGMXGtKYBVZUJUCQquK35KtHwyB9E6i7CAU+CTpJJo5aFMergWJhcvEv3
xv2BBsWmSyxCzrtT0UuA+er8mMSo3SCSYViXbw1VENpIQMVL6UeoyIfTlCFfobOX
yMItxBPMfKMtRG//gT6KFQIs1GPtiharxBhbJIKys/Mzgzza
-----END CERTIFICATE-----